IT Modernization Information Systems Security Engineer

MTSI is seeking a IT Modernization Information Systems Security Engineer whose primary function will be to provide Senior Cloud Information Systems Security Engineer support to the government program manager to

Your essential job functions will include but may not be limited to:

• Integrate cybersecurity requirements into system architecture, design, and engineering processes from concept through deployment
• Develop and maintain system security artifacts including Security Plans, Security Controls Traceability matrices, architectural diagrams, and engineering documentation
• Perform security engineering analyses, including threat modeling, vulnerability assessments, and security impact analyses of proposed changes
• Select, tailor, and implement security controls aligned with NIST SP 800-53, CNSSI 1253, the Joint Special Access Program (SAP) Implementation Guide, and/or applicable organizational frameworks
• Communicate risk analysis associated with engineered solutions including mitigation strategies, residual risk and risk-benefit recommendations
• Perform requirements analysis, design, and integration for complex software applications and collaboration infrastructures
• Participate in the change management process, including submitting and reviewing Change Requests (CRs) and assisting in the assessment of security impact of proposed changes
• Create and maintain information system security documentation, Standard Operating Procedures (SOP), and provide guidance on active Plans of Action and Milestones (POA&M)
• Conduct periodic and continuous monitoring of the system, procedures, and documentation to ensure compliance with the authorization
• Collaborate with ISSOs, system administrators, and development teams to remediate vulnerabilities and ensure secure system configurations
• Communicate with multiple systems owners to address security relevant design and integration requirements for hybrid systems
• Evaluate cloud supporting technologies in areas of encryption, identity and access control, boundary protection, and logging/monitoring
• Support incident response and forensic analysis as needed, ensuring proper coordination with organizational cybersecurity teams
• Support development and execution of governance frameworks for managing and authorizing national security systems

• 12+ years' technical experience in cybersecurity, information technology, or systems engineering
• Excellent communication skills (verbal and written) required
• Must have experience working with Special Access Programs (SAPs)
• Strong proficiency in Cloud architecture and associated security elements
• Must possess excellent analytical skills and be capable of quantifying risk to enterprise systems and level of compliance with security policy

Advanced knowledge in one or more of the following areas:

• Secure systems engineering practices, including threat modeling, security architecture design, and/or system hardening
• Software Development in Java, Python, Ruby and/or C++
• Linux Expertise
• Dynamic & Static Application Security Scanning (e.g., OPSWAT, OWASP ZAP, BurpSuite, Fortify
• Experience with vulnerability management tools (e.g., Tenable, Defender), SIEM technologies, and secure configuration baselines
• Infrastructure Security Scanning, Vulnerability Scanning (NMAP, Azure Defender, AWS Inspector, ACAS/Nessus)

Certifications:

• Information Systems Security Engineering Professional (ISSEP)
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Security Professional (CISSP).
• CompTIA Advanced Security Practitioner (CASP)
• GIAC Cloud Security Essentials Certification (GCLD)

Education Requirements:

• Bachelor's degree in engineering, computer science, cybersecurity, networking, or programming
• (Master's degree DESIRED)